package com.ssm.web.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * 权限测试
 */
@RestController
@RequestMapping("security")
public class SecurityController {

    @Secured({"ROLE_sale"})
    @RequestMapping("s001")
    public Object s001() {
        return "s001";
    }

    @PreAuthorize("hasAnyAuthority('menu:system')")
    // @PreAuthorize("hasRole('admin')")
    @RequestMapping("s002")
    public Object s002() {
        return "s002";
    }

    @PostAuthorize("hasAuthority('admin')")
    @RequestMapping("s003")
    public Object s003() {
        return "s003";
    }

    @PreFilter("str == 'xxx'")
    @RequestMapping("s004")
    public Object s004(String str) {
        return "s004";
    }
}
